We use Sophos AV instead of ClamAV on a couple of our Linux servers. Sophos comes with on-access scanning, which uses a kernel module to detect which file has been accessed, unlike ClamAV, which by default only comes with signatures and a basic scanning tool. This has its benefits and its drawbacks: you have to set aside a certain amount of resources for Sophos. There are times when you may need to disable on-access scanning in Sophos AV to diagnose different issues with the server.
To disable on-access scanning in Sophos AV, run the following from your terminal/SSH console:
/opt/sophos-av/bin/savdctl disable
To re-enable on-access scanning in Sophos AV, run the following:
/opt/sophos-av/bin/savdctl enable
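When scanning is turned off for a diagnostic run, the main risk is forgetting to turn it back on. The following wrapper is an added example, not part of the original post or of Sophos tooling: it uses only the two savdctl commands shown above, and the function name with_oas_disabled and the SAVDCTL override variable are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example: run one diagnostic command with Sophos on-access scanning
# disabled, and attempt to re-enable it on every exit path.
# The savdctl path is the one given on the page; the SAVDCTL variable is a
# hypothetical override so the wrapper can be tried against a stub.
SAVDCTL="${SAVDCTL:-/opt/sophos-av/bin/savdctl}"

with_oas_disabled() {
    if [ "$#" -eq 0 ]; then
        echo "usage: with_oas_disabled COMMAND [ARGS...]" >&2
        return 64
    fi
    (
        # Turn Ctrl-C, kill and hangup into a normal exit so the EXIT
        # trap below still runs.
        trap 'exit 130' INT TERM HUP
        # Re-enable scanning whenever this subshell exits. If re-enabling
        # fails, say so loudly and return a distinct status (70).
        trap '"$SAVDCTL" enable || {
                  echo "WARNING: on-access scanning was NOT re-enabled" >&2
                  exit 70
              }' EXIT
        # Stop here (status 69) if scanning could not be disabled.
        "$SAVDCTL" disable || exit 69
        # Run the diagnostic command and pass its exit status through.
        "$@"
        exit $?
    )
}
```

Source the file as root and call, for instance, with_oas_disabled followed by the command you want to time or trace; the wrapper returns that command's exit status, or 70 if scanning could not be switched back on.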
The Sophos logs are located here:
/opt/sophos-av/log
Sophos comes with multiple control binaries. They can be found in the following directory:
/opt/sophos-av/bin
The available Sophos binaries are also listed in the man page:
man savdctl